Security news aggregator

Latest coverage for Flaw

Stay updated on the latest in information security flaws. Explore news, insights, and analysis on vulnerabilities affecting digital safety.

27 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A flaw is a defect in software, hardware, system design, or configuration that causes unintended behavior. In security reporting, the term usually means a weakness that could violate confidentiality, integrity, or availability when reached through a particular interface, input, privilege, or operating condition. Not every flaw is exploitable, and exploitability depends on factors such as exposure, authentication requirements, affected versions, and available mitigations.

Flaws matter because they can create attack paths in applications, operating systems, devices, APIs, or administrative settings. Security teams assess their severity and exposure, prioritize remediation, apply patches or configuration changes, and use isolation or access controls when immediate fixes are unavailable. Code review, testing, vulnerability scanning, and monitoring can reveal flaws across the development and operational lifecycle. Reports should distinguish a confirmed vulnerability from a theoretical defect and provide enough technical detail to support validation without unnecessarily enabling exploitation.

Showing 20 most recent headlines of 27 Filtered view
Bank Info Security 10 months, 3 weeks ago

Copilot Kept Access Logs Unless You Told It Not To

Copilot Falls for Prompt Injection Yet AgainMicrosoft quietly fixed a flaw that allowed users to instruct embedded artificial intelligence model Copilot not to log its access corporate files. "If you work at an organization that used Copilot prior to Aug 18, there is a very real chance that your audit log is incomplete."

Bank Info Security 10 months, 3 weeks ago

Nuance Agrees to Pay $8.5M to Settle MOVEit Hack Litigation

Settlement Is Latest Among Scores of Other MOVEit Lawsuits Still PendingNuance Communications, a Microsoft subsidiary, has agreed to pay $8.5 million to settle class action litigation filed after hackers exploited a zero-day flaw in Progress Software's MOVEit file transfer software in 2023, stealing data belonging to more than a dozen of Nuance's healthcare clients.

Move along, nothing to see here Amazon has quietly fixed a couple of security issues in its coding agent: Amazon Q Developer VS Code extension. Attackers could use these vulns to leak secrets, including API keys from a developer's machine, and run arbitrary code.…

Bank Info Security 10 months, 3 weeks ago

McFlaw: Hacker Breaches McDonald's Portal With URL Trick

Hacking Was the Easy Part, Notifying McDonald's the Extremely Difficult BitA security researcher gained access to McDonald's global marketing portal by changing a single word in its URL, uncovering a slew of additional vulnerabilities. The hard part was notifying the burger giant about the flaws, says self-described ethical hacker "BobDaHacker."

Burger slinger gets a McRibbing, reacts by firing staffer who helped A white-hat hacker has discovered a series of critical flaws in McDonald's staff and partner portals that allowed anyone to order free food online, get admin rights to the burger slinger's marketing materials, and could allow an attacker to get a corporate email account with which to conduct a little filet-o-phishing.…

Reconfigure local app settings via a 'simple' POST request A now-patched flaw in popular AI model runner Ollama allows drive-by attacks in which a miscreant uses a malicious website to remotely target people's personal computers, spy on their local chats, and even control the models the victim's app talks to, in extreme cases by serving poisoned models.…

Loading more headlines...